MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 822551723b7ae035394003750ee9cd16e1c12af0e07067f7d0760bd99c110898. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetWire


Vendor detections: 6



SHA256 hash: 822551723b7ae035394003750ee9cd16e1c12af0e07067f7d0760bd99c110898
SHA3-384 hash: 08027579899cfa11e317ff96a64d0ac8155ac6dcf10726d6941d96503423ad6226446de90272169215ee303a5c82cd69
SHA1 hash: d6c5fc3888dc19d982893837353d04b023cd3443
MD5 hash: f225ad7bb7b6cc025286829f09c78032
humanhash: bacon-diet-wyoming-jersey
File name: 822551723b7ae035394003750ee9cd16e1c12af0e07067f7d0760bd99c110898
Signature: NetWire
File size: 638'688 bytes
First seen: 2020-07-06 06:43:59 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: fc6683d30d9f25244a50fd5357825e79 (92 x Formbook, 52 x AgentTesla, 23 x SnakeKeylogger)
ssdeep: 12288:cquErHF6xC9D6DmR1J98w4oknqO2CyQfFCQQ5a76+ryxqpFo2nuNaewl/b4qtd:trl6kD68JmloLQfkI76++YpdnuYeMD4I
Threatray: 804 similar samples on MalwareBazaar
TLSH: 1AD401437A97A50EDCEE46710C6598E40965FD211C38CAFBF290F73E6A31610EDA532E
Reporter: JAMESWT_WT
Tags: NetWire

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file
Enabling the 'hidden' option for recently created files
Unauthorized injection to a recently created process
DNS request
Creating a window
Enabling autorun

Threat name: Win32.Trojan.AutoitInject
Status: Malicious
First seen: 2020-07-01 23:32:00 UTC
File Type: PE (Exe)
Extracted files: 21
AV detection: 38 of 48 (79.17%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: n/a

Behaviour
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments